The "default" VLAN is VLAN 1, and traffic over ports are Untagged by default (at least, in the switches that we use). We've created VLAN 2 and marked the necessary ports as Tagged, and it's working beautifully. However, all of the ports that I did not Tag are blank/non-members by default. What is the difference between having a port Untagged vs. being a non-member for the VLAN?
If a port is a member of VLAN 2 and untagged, then it will likely be configured as an access port - i.e. all data in and out will just be the data that is on VLAN 2, but the data will not have VLAN tags.
If a port is a member of VLAN 2 and tagged, the packets in and out will all be tagged as members of VLAN 2, and the port may be configured as a trunk port - i.e. the default untagged VLAN 1 may also be present, and you can also have additional tagged VLANS.
For the first scenario, this would allow you to set up VLANS for where trunking is required, but each port can have any old device plugged into it, whether the device is VLAN aware or not.
For the second scenario this would mean any device plugged into one of these ports that is not VLAN aware (or not correctly configured) would only ever see the default untagged VLAN, and you would need correctly configured VLAN aware devices to utilise VLAN 2.